US20200244624A1 - Method for Filtering Communication Data Arriving Via a Communication Connection, in a Data Processing Device, Data Processing Device and Motor Vehicle - Google Patents

Method for Filtering Communication Data Arriving Via a Communication Connection, in a Data Processing Device, Data Processing Device and Motor Vehicle Download PDF

Info

Publication number
US20200244624A1
US20200244624A1 US16/632,611 US201816632611A US2020244624A1 US 20200244624 A1 US20200244624 A1 US 20200244624A1 US 201816632611 A US201816632611 A US 201816632611A US 2020244624 A1 US2020244624 A1 US 2020244624A1
Authority
US
United States
Prior art keywords
data processing
communications
processing device
data
filter means
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Granted
Application number
US16/632,611
Other versions
US11582189B2 (en
Inventor
Changsup Ahn
Kamil Zawadzki
Markus Klein
Hans Georg Gruber
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Audi AG
Original Assignee
Audi AG
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Audi AG filed Critical Audi AG
Assigned to AUDI AG reassignment AUDI AG ASSIGNMENT OF ASSIGNORS INTEREST (SEE DOCUMENT FOR DETAILS). Assignors: Ahn, Changsup, GRUBER, HANS GEORG, KLEIN, MARKUS, DR., ZAWADZKI, KAMIL
Publication of US20200244624A1 publication Critical patent/US20200244624A1/en
Application granted granted Critical
Publication of US11582189B2 publication Critical patent/US11582189B2/en
Active legal-status Critical Current
Adjusted expiration legal-status Critical

Links

Images

Classifications

    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F13/00Interconnection of, or transfer of information or other signals between, memories, input/output devices or central processing units
    • G06F13/38Information transfer, e.g. on bus
    • G06F13/40Bus structure
    • G06F13/4004Coupling between buses
    • G06F13/4027Coupling between buses using bus bridges
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F13/00Interconnection of, or transfer of information or other signals between, memories, input/output devices or central processing units
    • G06F13/38Information transfer, e.g. on bus
    • G06F13/42Bus transfer protocol, e.g. handshake; Synchronisation
    • G06F13/4282Bus transfer protocol, e.g. handshake; Synchronisation on a serial bus, e.g. I2C bus, SPI bus
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/30Authentication, i.e. establishing the identity or authorisation of security principals
    • G06F21/44Program or device authentication
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/60Protecting data
    • G06F21/606Protecting data by securing the transmission between two devices or processes
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/70Protecting specific internal or peripheral components, in which the protection of a component leads to protection of the entire computer
    • G06F21/82Protecting input, output or interconnection devices
    • G06F21/85Protecting input, output or interconnection devices interconnection devices, e.g. bus-connected or in-line devices
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/02Network architectures or network communication protocols for network security for separating internal from external traffic, e.g. firewalls
    • H04L63/0209Architectural arrangements, e.g. perimeter networks or demilitarized zones
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/02Network architectures or network communication protocols for network security for separating internal from external traffic, e.g. firewalls
    • H04L63/0227Filtering policies
    • H04L63/0245Filtering by information in the payload
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F2213/00Indexing scheme relating to interconnection of, or transfer of information or other signals between, memories, input/output devices or central processing units
    • G06F2213/0026PCI express

Definitions

  • the present disclosure relates to a method for filtering communications data, arriving from a communications partner via a communications connection that allows access to at least one storage means of a receiving data processing device, in the data processing device, a data processing device, and a motor vehicle.
  • interpose bridging means which can be designed for example as a multiplexer, switch, or the like.
  • Bridging means of this kind can be “transparent” or “non-transparent,” and, therefore, act directly as a communications partner or allow a data processing device that can be reached via the bridging means to appear as a direct communications partner.
  • a plurality of different architectures are possible and known.
  • the communications partners conventionally obtain direct access to storage means and arithmetic units of the data processing devices communicating therewith.
  • overall apparatuses or the data processing systems thereof comprise security-critical parts which are intended to communicate with less safety-critical regions.
  • driving and/or security system-related controllers as data processing devices, in particular also with respect to autonomous driving, to be rather security-critical data processing devices and which should therefore be associated with a security region, but which nonetheless are intended to communicate with data processing devices, in particular further controllers, assessed as less security-critical.
  • providing a bidirectional connection that allows access to storage means and/or arithmetic units in the security-critical data processing device would allow data processing devices classed as less security-critical, as communications partners, to carry out manipulations within the security-critical data processing device, for example, if the less security-critical communications partner has been hacked or replaced and/or the communications data were manipulated during transmission via the communications connection.
  • DE 10 2012 017 339 A1 relates to a computer system comprising at least two CPUs which each comprise a PCIe bus hierarchy, by means of which messages, which each comprise an origin address, a destination address, and a payload, can be transmitted between connected communications devices.
  • the PCIe bus hierarchies are connected by a bridging means, such that messages can be exchanged between communications devices that are connected to different PCIe bus hierarchies, the computer system comprising at least one peripheral device having a communications device which can be used jointly by the CPUs, the bridging means comprising a translation means, which is designed for translating the destination address of messages that are transmitted from one PCIe bus hierarchy to another.
  • observation devices for monitoring the messages transmitted by the bridging means, between the bridging means and the PCIe hierarchies.
  • observation devices for monitoring the messages transmitted by the bridging means, between the bridging means and the PCIe hierarchies.
  • destination addresses and origin addresses can be evaluated, in order to reject messages if necessary.
  • observation devices are provided there at central positions in the data processing systems, which devices are to be configured as a whole.
  • This solution is complex and inflexible, in particular if the observation devices are also subject to configuration access of less security-critical data processing devices.
  • FIG. 1 shows a data processing device, in accordance with some embodiments.
  • FIG. 2 shows an operating sequence of a method, in accordance with some embodiments.
  • FIG. 3 shows a definition of security levels, in accordance with some embodiments.
  • FIG. 4 shows a schematic sketch of a motor vehicle, in accordance with some embodiments.
  • the object of the present disclosure is therefore that of specifying a possibility for improved, more flexible, and more independent protection of data processing devices within a data processing system of an overall apparatus, in particular of a motor vehicle.
  • a method includes receiving, at an interface unit of the data processing device, the communications data, using a filter means that is implemented as hardware at least in part, in accordance with configuration information that is specified on the side of the data processing device.
  • the filter means contains at least one authorization condition that assesses at least one property of the payload contained in the communications data, and forwards only communications data that fulfill the at least one authorization condition from the interface unit to at least one further component of the data processing device.
  • the present disclosure is therefore based on the concept of implementing a hardware-based firewall, in the form of a filter means, on the side of the receiving data processing device.
  • the filter means is assessed as security-critical, or the data processing device located in a security region, in which firewall is implemented by an interface unit, for example, a PCIe controlling chip.
  • the payload can comprise control commands acting on the at least one storage means, the filter means being applied at least to the control signals.
  • the procedure described here can also be applied to other payloads in the communications data, since it can also be the case that other payloads can cause damage in the memory of a data processing device and/or in an arithmetic unit of a data processing device.
  • the filter means can reduce the amount of the available payload, in particular control signals which are actually forwarded to the relevant components, i.e., in particular the storage means and/or arithmetic unit, to the amount that is necessary and ensures security. In this way, the attack surface is minimized by the communications connection, without having to omit a fully functional feedback channel.
  • the filter means is configured by the data processing device itself using a separate configuration channel within the data processing device, in particular proceeding from the arithmetic unit, and/or an existing configuration interface of the interface unit. Accordingly, the data processing device in a data processing system has control over the incoming messages and messages to be filtered out, via the communications connection.
  • the present disclosure protects against incoming attacks and provides maximum autonomy to the data processing device as a subsystem instead of opening up access to an observation device centrally manipulating throughout data processing system.
  • the data processing device can use its own firewall in the form of the filter means. There is no master device that could change the firewall configuration information, since only the data processing device itself can change the configuration. Furthermore, each data processing device can react to incoming attaches and reduce, or even entirely close, the communications connection by means of corresponding reconfiguration of the filter means.
  • the filter means can assess the content of the communications data, i.e., the payload. While the approaches known in the prior art can be referred to as “stateless packet inspection,” the present disclosure can be referred to as “stateful packet inspection.” Therefore, the content, in addition to the origin, the destination, and the communications path that the communications data have taken, is assessed. Accordingly, to directly access the payload, authorization criterion can access corresponding properties of the communications data contained in the header of packet-based communication. Therefore, forming the filter means in hardware at least in part, i.e., in particular integration in a chip that forms the interface unit, further restricts the possibilities of manipulation.
  • filtering the communications traffic within the data processing device itself, but outside of the arithmetic unit and the storage means allows for strict separation in distributed systems of data processing devices.
  • the filter means in the interface unit i.e., in particular in an external chip, furthermore makes it possible to use more simple residual components, in particular arithmetic units, for example, CPUs, in security-critical data processing devices, which use the communications standard of the communications connection. Outsourcing the filter means in the interface unit thus reduces the complexity of the data processing device itself.
  • the mechanism according to embodiments as described herein can also be used in multiplexed/demultiplexed communications connections. In particular, a bridging means that is used does not need to have any information about the filter processes.
  • a communications connection according to the PCI Express (PCIe) communications standard is used.
  • PCIe communications connection in principle represents a packet-based point-to-point connection, which as described at the outset, can also be used for a plurality of communications partners, by way of bridging means.
  • the filter means may be applied in a communications layer acting in accordance with a communications standard used in the communications connection for the physical transport of formatted communications data, in particular a transaction layer in PCI Express.
  • a communications standard used in the communications connection for the physical transport of formatted communications data
  • the filtering can purposely be located as close as possible to the physical reception of the communications data, in order to minimize the influence thereof on the data processing device, in particular the storage means and/or the arithmetic unit.
  • the data are still in the transmission format defined by the communications standard, here in particular PCI Express. If content, in particular payload, is intended to be accessed directly by means of at least one authorization condition, and the payload is encrypted, a filter means of this kind would be provided directly following suitable decryption means.
  • a filter means implemented as part of a microchip that forms the interface unit is used as the filter means.
  • the filter means can thus be implemented in concrete terms by means of hardware, by modifying a corresponding interface unit microchip, and therefore be firmly integrated in the processing sequence, in terms of the hardware. This can in particular be a PCIe chip.
  • the filter means can preferably be configured exclusively by the data processing device itself, in particular exclusively, by the arithmetic unit.
  • the arithmetic unit for example, a CPU, thus preferably has exclusive configuration access to the filter means, which ensures the greatest possible autonomy and flexibility of the data processing device itself, according to which it is also possible, for example, to respond to attacks by means of the authorization conditions being made stricter or the communications connection being entirely deactivated.
  • At least one of the authorization conditions assessing at least one payload may check a minimum length and/or maximum length of a payload unit, a control command, a restriction of the function type of a control command described by the payload, and/or a restriction of the accessible memory region of the at least one storage means. Therefore, a restriction of the admissible payload in the communications data can be defined, initially for example by the length of a payload unit, which is intended to be written into a memory region of the storage means for example. It is thus possible to assume, for example, that the smaller a payload unit, for example, a control command, is, the less damage a malicious payload unit can do in the data processing device.
  • an authorization condition excludes certain function types/function classes. This in turn excludes certain types of access, in particular to storage means, in the data processing device, for example write access, manipulation access and the like.
  • the memory region in which the payload of the communications data may be stored can be restricted. Due to the corresponding structure thereof, payloads/control commands frequently aim at the use of certain memory regions of storage means of the data processing device, which regions may be particularly relevant for the security-critical functionality of the data processing device, as a result of which such particularly security-critical regions can be excluded for example by an authorization condition.
  • authorization conditions for all these criteria can be used, for example, for workaround solutions such as fragmentation of overall commands in the case of size restrictions and the like to be avoided.
  • further authorization conditions can be used, by means of which conditions a communication attribute describing the communications connection and/or the communications partner is evaluated.
  • a communication attribute describing the communications connection and/or the communications partner is evaluated.
  • the filter means can provide restrictions.
  • the configuration information may describe a security level having associated authorization conditions and/or parameters of the authorization conditions. Therefore, specific predetermined configuration information can be used for different security levels, with the result that the corresponding security level can be adjusted to the filter means within the data processing device in a particularly simple manner, by means of configuration access.
  • 16 security levels can be provided, which can thus be described, for example, by 2 bytes which relax restrictions for the communications data in a stepwise manner.
  • the procedure according to various embodiments as described herein can be used in a data processing system of a motor vehicle.
  • the data processing device forms a part of a motor vehicle, in particular a controller, and communicates with the at least one communications partner which is part of a data processing system of the motor vehicle.
  • modern motor vehicles are a specific example for complex data processing systems in which a wide variety of security levels or security regions can be defined, for example as more security-critical controllers (vehicle guidance, in particular fully automated vehicle guidance, security systems and the like), and less security-critical controllers (infotainment, etc.).
  • a mechanism allows for high-speed communication, for example, via PCI Express, comprising a feedback channel, but which nonetheless prevents, as far as possible, possibilities of manipulation from less security-critical controllers.
  • a data processing device in particular, a controller for a motor vehicle is disclosed.
  • the data processing device comprises an interface element having a filter means, at least one storage means, and an arithmetic unit, and is designed to carry out the method according to the embodiments as described herein.
  • a motor vehicle comprising a data processing device according to embodiments as described in this disclosure is disclosed. All the disclosure with regard to the method according to various embodiments as described herein can be transferred analogously to the data processing device and the motor vehicle as described herein.
  • FIG. 1 shows a data processing device, in accordance with some embodiments.
  • FIG. 1 shows a schematic sketch of a data processing device 1 that comprises at least one arithmetic unit 2 and at least one storage means 3 .
  • the data processing device 1 may further comprise at least one of the at least one storage means 3 to be implemented within the arithmetic unit 2 , which can also be designed as a CPU for example.
  • the data processing device 1 can be a controller of a motor vehicle.
  • communications connections are formed proceeding from the data processing device 1 .
  • At least one communications connection 4 to a communications partner 5 that is only indicated here uses the PCI Express communications standard (PCIe communications standard) for high-speed data transmission.
  • PCIe communications standard PCI Express communications standard
  • one interface unit 6 of the data processing device 1 is designed as a PCIe microchip.
  • filter means 7 which, owing to configuration information, checks incoming communications data against various authorization conditions, is integrated, in terms of hardware, into said interface unit 6 , i.e., provided in a manner fixed in the corresponding microchip, the payload contained in the communications data also actually being forwarded to the further components of the data processing device 1 , in this case the arithmetic unit 2 and the storage means 3 , only if all the authorization conditions are fulfilled. Accordingly, at least one of the authorization conditions evaluates a property of the payload contained in the communications data, it being possible for further authorization conditions to also relate to the communications partner 5 and/or to the communications connection 4 itself.
  • the communications partner 5 can furthermore be both what is known as an end point and an interposed switching means, for example, a bridging means, a switch and/or a multiplexer/demultiplexer.
  • the filter means 7 can be configured only from within the data processing device 1 , for example, by the arithmetic unit 2 .
  • a corresponding separate configuration channel can be provided for this purpose, but it is also possible to use a communications interface of the interface unit 6 that is used in any case for configuration purposes.
  • the configuration access is indicated by the arrow 8 in FIG. 1 .
  • FIG. 2 shows an operating sequence of a method, in accordance with some embodiments.
  • FIG. 2 explains in more detail the operating sequence of an embodiment of the method as can be implemented in the data processing device 1 .
  • communications data comprising a payload and a header are received, in the present case as data packets.
  • the communications data After passing through the physical layer and the datalink layer, the communications data reach the transaction layer, where the data packets (transaction layer packets—TLP) encounter the filter means 7 .
  • the corresponding filtering i.e., checking all the authorization conditions for each incoming data packet, takes place in step S 2 .
  • step S 3 If it is found, in the process, that at least one of the authorization conditions is not fulfilled, the data packet is rejected in step S 3 , and the method returns to step S 1 again for the next data packet. However, if all authorization conditions are fulfilled, in a step S 4 the communications data are processed further, as usual, in the interface unit 6 , and forwarded to the further components 2 , 3 of the data processing device 1 .
  • step S 5 it is possible to constantly monitor, within the arithmetic unit 2 , whether an attack is present or can be detected.
  • Reconfiguration (arrow 8 ) of the filter means 7 can take place in a step S 6 , for example the authorization conditions can be made stricter or the communications connection 4 can be entirely deactivated.
  • specific security levels having associated configuration information which describes the authorization conditions, are defined as shown in greater detail in table 9 of FIG. 3 .
  • each line corresponds to a security level L 1 , L 2 , etc.
  • P 1 -P 10 are parameters of authorization conditions.
  • P 1 and P 2 describe the admissible serial numbers of communications connections
  • P 3 and P 4 describe admissible serial numbers of communications partners.
  • P 5 -P 10 relate to contents-related authorization conditions.
  • P 5 and P 6 describe the range of admissible function types (function classes), P 7 and P 8 admissible memory regions of the at least one storage means 3 in which data may be written, and P 9 and P 10 the minimum length and maximum length of payload units.
  • payload units can correspond to control commands, but other payloads can also be processed by the filter means 7 .
  • security level L 1 may not be associated with any restrictions in the communication, while security level L 16 allows only signals on the first communications connection for the communications partner no. 16 and the first function class.
  • the target memory region and the amount of data are likewise clearly defined and restricted.
  • a suitable security level L 1 , L 2 , etc. can, as described, also be selected dynamically by means of the arithmetic unit 2 .
  • FIG. 4 shows a schematic sketch of a motor vehicle, in accordance with some embodiments.
  • FIG. 4 shows a schematic sketch of a motor vehicle 10 that comprises a data processing system 11 which comprises a plurality of data processing devices 1 A, 1 B and 1 C according to the embodiments as described herein. Only three data processing devices are shown for reasons of simple illustration.
  • Communications connections 4 ab , 4 ac , 4 bc exist in each case between the data processing devices 1 a , 1 b and 1 c , which communications connections are operated in accordance with the PCI Express communications standard.
  • Filter means 7 operated according to the invention are provided within the data processing devices 1 a , 1 b and 1 c in each case, such that each data processing device 1 a , 1 b and 1 c can ensure its own security in an autonomous manner and at an increased level of reliability, i.e., in particular irrespective of impairments of other parts of the data processing systems 11 .

Landscapes

  • Engineering & Computer Science (AREA)
  • Theoretical Computer Science (AREA)
  • Computer Hardware Design (AREA)
  • General Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • General Physics & Mathematics (AREA)
  • Physics & Mathematics (AREA)
  • Software Systems (AREA)
  • Signal Processing (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Computing Systems (AREA)
  • Health & Medical Sciences (AREA)
  • Bioethics (AREA)
  • General Health & Medical Sciences (AREA)
  • Small-Scale Networks (AREA)
  • Data Exchanges In Wide-Area Networks (AREA)

Abstract

A method for filtering communication data arriving from a communication partner via a communication connection, which provides access to at least one storage means of a receiving data processing device having at least one computation unit, in the data processing device, wherein PCI Express, in an interface unit, receiving the communication data, of the data processing device, a filter means, at least part of which is embodied as hardware, is used so that, according to configuration information, prescribed on the data processing device, containing at least one approval condition that rates the at least one property of the useful data contained in the communication data, only the communication data meeting at least one approval condition are forwarded from the interface unit to at least one further component of the data processing device.

Description

    TECHNICAL FIELD
  • The present disclosure relates to a method for filtering communications data, arriving from a communications partner via a communications connection that allows access to at least one storage means of a receiving data processing device, in the data processing device, a data processing device, and a motor vehicle.
  • BACKGROUND
  • Today, modern data processing systems, as part of overall apparatuses, for example motor vehicles, are becoming increasingly complex owing to the increasing demands on the performance capability of said data processing systems, as well as the technological possibilities for optimizing said data processing systems. In this case, technologies which are also used for conventional personal computers are increasingly used, even in other overall apparatuses, for example motor vehicles. Technologies of this kind also comprise in particular packet-based point-to-point communications standards, in particular the PCI Express communications standard (PCIe communications standard), which is typically used in order, for example, to connect peripheral devices to a chipset in a personal computer. PCI Express is one of the fastest available communications methods. Typical applications for PCI Express are applications in which large volumes of data have to be processed and/or transmitted in extremely short periods of time. In order to establish connections for example between one chipset and a plurality of peripheral devices, it is known to interpose bridging means, which can be designed for example as a multiplexer, switch, or the like. Bridging means of this kind can be “transparent” or “non-transparent,” and, therefore, act directly as a communications partner or allow a data processing device that can be reached via the bridging means to appear as a direct communications partner. A plurality of different architectures are possible and known.
  • In the case of communications standards such as PCI Express, the communications partners conventionally obtain direct access to storage means and arithmetic units of the data processing devices communicating therewith. This is also the case if overall apparatuses or the data processing systems thereof comprise security-critical parts which are intended to communicate with less safety-critical regions. For example, it is known in motor vehicles to consider driving and/or security system-related controllers as data processing devices, in particular also with respect to autonomous driving, to be rather security-critical data processing devices and which should therefore be associated with a security region, but which nonetheless are intended to communicate with data processing devices, in particular further controllers, assessed as less security-critical.
  • However, providing a bidirectional connection that allows access to storage means and/or arithmetic units in the security-critical data processing device would allow data processing devices classed as less security-critical, as communications partners, to carry out manipulations within the security-critical data processing device, for example, if the less security-critical communications partner has been hacked or replaced and/or the communications data were manipulated during transmission via the communications connection.
  • The simplest conceivable way for preventing an incentive of this kind would be that of providing only a monodirectional connection from the security region to the less security-critical communications partners. Although a solution of this kind would be secure, it is not realistic because assemblies without a feedback channel cannot be controlled/administered expediently. The replaceability of such an approach is therefore rather to be considered as restricted.
  • In another approach, it would be conceivable to provide a highly restricted feedback channel from less security-critical communications partners to the security-critical data processing device which restricts the possibilities of attack on the security-critical side. For example, only actuation signals without any payload can be received. However, a limitation of this kind has to be implemented as separate hardware, which is laborious and significantly limits the functionality of the feedback channel.
  • DE 10 2012 017 339 A1 relates to a computer system comprising at least two CPUs which each comprise a PCIe bus hierarchy, by means of which messages, which each comprise an origin address, a destination address, and a payload, can be transmitted between connected communications devices. The PCIe bus hierarchies are connected by a bridging means, such that messages can be exchanged between communications devices that are connected to different PCIe bus hierarchies, the computer system comprising at least one peripheral device having a communications device which can be used jointly by the CPUs, the bridging means comprising a translation means, which is designed for translating the destination address of messages that are transmitted from one PCIe bus hierarchy to another. In this context, it is also proposed to arrange observation devices, for monitoring the messages transmitted by the bridging means, between the bridging means and the PCIe hierarchies. In order to protect PCIe bus hierarchies that are connected to the bridging means, destination addresses and origin addresses can be evaluated, in order to reject messages if necessary.
  • Thus, observation devices are provided there at central positions in the data processing systems, which devices are to be configured as a whole. This solution is complex and inflexible, in particular if the observation devices are also subject to configuration access of less security-critical data processing devices.
  • BRIEF DESCRIPTION OF DRAWINGS/FIGURES
  • FIG. 1 shows a data processing device, in accordance with some embodiments.
  • FIG. 2 shows an operating sequence of a method, in accordance with some embodiments.
  • FIG. 3 shows a definition of security levels, in accordance with some embodiments.
  • FIG. 4 shows a schematic sketch of a motor vehicle, in accordance with some embodiments.
  • DETAILED DESCRIPTION
  • The object of the present disclosure is therefore that of specifying a possibility for improved, more flexible, and more independent protection of data processing devices within a data processing system of an overall apparatus, in particular of a motor vehicle.
  • In order to achieve this object, in some embodiments, a method is disclosed. The method includes receiving, at an interface unit of the data processing device, the communications data, using a filter means that is implemented as hardware at least in part, in accordance with configuration information that is specified on the side of the data processing device. The filter means contains at least one authorization condition that assesses at least one property of the payload contained in the communications data, and forwards only communications data that fulfill the at least one authorization condition from the interface unit to at least one further component of the data processing device.
  • The present disclosure is therefore based on the concept of implementing a hardware-based firewall, in the form of a filter means, on the side of the receiving data processing device. The filter means is assessed as security-critical, or the data processing device located in a security region, in which firewall is implemented by an interface unit, for example, a PCIe controlling chip. In this case, the payload can comprise control commands acting on the at least one storage means, the filter means being applied at least to the control signals. However, the procedure described here can also be applied to other payloads in the communications data, since it can also be the case that other payloads can cause damage in the memory of a data processing device and/or in an arithmetic unit of a data processing device. Depending on the configuration information, the filter means can reduce the amount of the available payload, in particular control signals which are actually forwarded to the relevant components, i.e., in particular the storage means and/or arithmetic unit, to the amount that is necessary and ensures security. In this way, the attack surface is minimized by the communications connection, without having to omit a fully functional feedback channel.
  • In some embodiments, the filter means is configured by the data processing device itself using a separate configuration channel within the data processing device, in particular proceeding from the arithmetic unit, and/or an existing configuration interface of the interface unit. Accordingly, the data processing device in a data processing system has control over the incoming messages and messages to be filtered out, via the communications connection. Thus, the present disclosure protects against incoming attacks and provides maximum autonomy to the data processing device as a subsystem instead of opening up access to an observation device centrally manipulating throughout data processing system.
  • By means of non-limiting example, irrespective of whether portions of the data processing system are compromised, the data processing device can use its own firewall in the form of the filter means. There is no master device that could change the firewall configuration information, since only the data processing device itself can change the configuration. Furthermore, each data processing device can react to incoming attaches and reduce, or even entirely close, the communications connection by means of corresponding reconfiguration of the filter means.
  • In some embodiments, the filter means can assess the content of the communications data, i.e., the payload. While the approaches known in the prior art can be referred to as “stateless packet inspection,” the present disclosure can be referred to as “stateful packet inspection.” Therefore, the content, in addition to the origin, the destination, and the communications path that the communications data have taken, is assessed. Accordingly, to directly access the payload, authorization criterion can access corresponding properties of the communications data contained in the header of packet-based communication. Therefore, forming the filter means in hardware at least in part, i.e., in particular integration in a chip that forms the interface unit, further restricts the possibilities of manipulation.
  • In some embodiments, filtering the communications traffic within the data processing device itself, but outside of the arithmetic unit and the storage means, allows for strict separation in distributed systems of data processing devices. The filter means in the interface unit, i.e., in particular in an external chip, furthermore makes it possible to use more simple residual components, in particular arithmetic units, for example, CPUs, in security-critical data processing devices, which use the communications standard of the communications connection. Outsourcing the filter means in the interface unit thus reduces the complexity of the data processing device itself. The mechanism according to embodiments as described herein can also be used in multiplexed/demultiplexed communications connections. In particular, a bridging means that is used does not need to have any information about the filter processes.
  • In some embodiments, a communications connection according to the PCI Express (PCIe) communications standard is used. A PCIe communications connection in principle represents a packet-based point-to-point connection, which as described at the outset, can also be used for a plurality of communications partners, by way of bridging means.
  • In some embodiments, it may be possible for the filter means to be applied in a communications layer acting in accordance with a communications standard used in the communications connection for the physical transport of formatted communications data, in particular a transaction layer in PCI Express. In this manner, hardware-assisted filtering within the transaction layer is therefore possible. This means that the filtering can purposely be located as close as possible to the physical reception of the communications data, in order to minimize the influence thereof on the data processing device, in particular the storage means and/or the arithmetic unit. In the transaction layer, the data are still in the transmission format defined by the communications standard, here in particular PCI Express. If content, in particular payload, is intended to be accessed directly by means of at least one authorization condition, and the payload is encrypted, a filter means of this kind would be provided directly following suitable decryption means.
  • In some embodiments, a filter means implemented as part of a microchip that forms the interface unit is used as the filter means. The filter means can thus be implemented in concrete terms by means of hardware, by modifying a corresponding interface unit microchip, and therefore be firmly integrated in the processing sequence, in terms of the hardware. This can in particular be a PCIe chip.
  • In some embodiments, the filter means can preferably be configured exclusively by the data processing device itself, in particular exclusively, by the arithmetic unit. In this case, the arithmetic unit, for example, a CPU, thus preferably has exclusive configuration access to the filter means, which ensures the greatest possible autonomy and flexibility of the data processing device itself, according to which it is also possible, for example, to respond to attacks by means of the authorization conditions being made stricter or the communications connection being entirely deactivated.
  • In some embodiments, at least one of the authorization conditions assessing at least one payload may check a minimum length and/or maximum length of a payload unit, a control command, a restriction of the function type of a control command described by the payload, and/or a restriction of the accessible memory region of the at least one storage means. Therefore, a restriction of the admissible payload in the communications data can be defined, initially for example by the length of a payload unit, which is intended to be written into a memory region of the storage means for example. It is thus possible to assume, for example, that the smaller a payload unit, for example, a control command, is, the less damage a malicious payload unit can do in the data processing device. It is also possible, in the communications standard and/or by means of a corresponding design of the filter means, to distinguish between different function types in the case of control commands described by the payload, for example, for said types to be classified in different manners, with the result that, according to a particularly preferred embodiment of the invention, an authorization condition excludes certain function types/function classes. This in turn excludes certain types of access, in particular to storage means, in the data processing device, for example write access, manipulation access and the like.
  • In some embodiments, the memory region in which the payload of the communications data may be stored can be restricted. Due to the corresponding structure thereof, payloads/control commands frequently aim at the use of certain memory regions of storage means of the data processing device, which regions may be particularly relevant for the security-critical functionality of the data processing device, as a result of which such particularly security-critical regions can be excluded for example by an authorization condition. By way of non-limiting example, authorization conditions for all these criteria can be used, for example, for workaround solutions such as fragmentation of overall commands in the case of size restrictions and the like to be avoided.
  • In some embodiments, in addition to the contents-related authorization conditions, further authorization conditions can be used, by means of which conditions a communication attribute describing the communications connection and/or the communications partner is evaluated. For example, in the case of the PCI Express communications standard it is known to identify the relevant communications partner within the communications information as well as the communications connection to said communications partner that is specifically used, if a plurality of communications connections are used. Thus, the filter means can provide restrictions.
  • In some embodiments, the configuration information may describe a security level having associated authorization conditions and/or parameters of the authorization conditions. Therefore, specific predetermined configuration information can be used for different security levels, with the result that the corresponding security level can be adjusted to the filter means within the data processing device in a particularly simple manner, by means of configuration access. By way of non-limiting example, 16 security levels can be provided, which can thus be described, for example, by 2 bytes which relax restrictions for the communications data in a stepwise manner.
  • The procedure according to various embodiments as described herein can be used in a data processing system of a motor vehicle. By way of non-limiting example, the data processing device forms a part of a motor vehicle, in particular a controller, and communicates with the at least one communications partner which is part of a data processing system of the motor vehicle. As already explained at the outset, modern motor vehicles are a specific example for complex data processing systems in which a wide variety of security levels or security regions can be defined, for example as more security-critical controllers (vehicle guidance, in particular fully automated vehicle guidance, security systems and the like), and less security-critical controllers (infotainment, etc.). In this case, a mechanism allows for high-speed communication, for example, via PCI Express, comprising a feedback channel, but which nonetheless prevents, as far as possible, possibilities of manipulation from less security-critical controllers.
  • In some embodiments, a data processing device, in particular, a controller for a motor vehicle is disclosed. The data processing device comprises an interface element having a filter means, at least one storage means, and an arithmetic unit, and is designed to carry out the method according to the embodiments as described herein. In some embodiments, a motor vehicle comprising a data processing device according to embodiments as described in this disclosure is disclosed. All the disclosure with regard to the method according to various embodiments as described herein can be transferred analogously to the data processing device and the motor vehicle as described herein.
  • Various embodiments are described in following with reference to the drawings.
  • FIG. 1 shows a data processing device, in accordance with some embodiments. FIG. 1 shows a schematic sketch of a data processing device 1 that comprises at least one arithmetic unit 2 and at least one storage means 3. The data processing device 1 may further comprise at least one of the at least one storage means 3 to be implemented within the arithmetic unit 2, which can also be designed as a CPU for example. By way of non-limiting example, the data processing device 1 can be a controller of a motor vehicle.
  • In accordance with some embodiments, in order to be able to communicate with other data processing devices of the motor vehicle, for example further controllers and/or other data processing devices, for example display devices, communications connections are formed proceeding from the data processing device 1. At least one communications connection 4 to a communications partner 5 that is only indicated here uses the PCI Express communications standard (PCIe communications standard) for high-speed data transmission. Accordingly, one interface unit 6 of the data processing device 1 is designed as a PCIe microchip. By way of non-limiting example, filter means 7 which, owing to configuration information, checks incoming communications data against various authorization conditions, is integrated, in terms of hardware, into said interface unit 6, i.e., provided in a manner fixed in the corresponding microchip, the payload contained in the communications data also actually being forwarded to the further components of the data processing device 1, in this case the arithmetic unit 2 and the storage means 3, only if all the authorization conditions are fulfilled. Accordingly, at least one of the authorization conditions evaluates a property of the payload contained in the communications data, it being possible for further authorization conditions to also relate to the communications partner 5 and/or to the communications connection 4 itself. The communications partner 5 can furthermore be both what is known as an end point and an interposed switching means, for example, a bridging means, a switch and/or a multiplexer/demultiplexer.
  • In accordance with some embodiments, the filter means 7 can be configured only from within the data processing device 1, for example, by the arithmetic unit 2. By way of non-limiting example, a corresponding separate configuration channel can be provided for this purpose, but it is also possible to use a communications interface of the interface unit 6 that is used in any case for configuration purposes. The configuration access is indicated by the arrow 8 in FIG. 1.
  • FIG. 2 shows an operating sequence of a method, in accordance with some embodiments. FIG. 2 explains in more detail the operating sequence of an embodiment of the method as can be implemented in the data processing device 1. In this case, in a step S1 communications data comprising a payload and a header are received, in the present case as data packets. After passing through the physical layer and the datalink layer, the communications data reach the transaction layer, where the data packets (transaction layer packets—TLP) encounter the filter means 7. The corresponding filtering, i.e., checking all the authorization conditions for each incoming data packet, takes place in step S2. If it is found, in the process, that at least one of the authorization conditions is not fulfilled, the data packet is rejected in step S3, and the method returns to step S1 again for the next data packet. However, if all authorization conditions are fulfilled, in a step S4 the communications data are processed further, as usual, in the interface unit 6, and forwarded to the further components 2, 3 of the data processing device 1.
  • In an optional step S5, it is possible to constantly monitor, within the arithmetic unit 2, whether an attack is present or can be detected. Reconfiguration (arrow 8) of the filter means 7 can take place in a step S6, for example the authorization conditions can be made stricter or the communications connection 4 can be entirely deactivated.
  • In accordance with some embodiments, specific security levels having associated configuration information, which describes the authorization conditions, are defined as shown in greater detail in table 9 of FIG. 3. In this case, each line corresponds to a security level L1, L2, etc. In this case, P1-P10 are parameters of authorization conditions. In this case, P1 and P2 describe the admissible serial numbers of communications connections, and P3 and P4 describe admissible serial numbers of communications partners. P5-P10 relate to contents-related authorization conditions. P5 and P6 describe the range of admissible function types (function classes), P7 and P8 admissible memory regions of the at least one storage means 3 in which data may be written, and P9 and P10 the minimum length and maximum length of payload units. In this case, payload units can correspond to control commands, but other payloads can also be processed by the filter means 7.
  • By way of non-limiting example, security level L1 may not be associated with any restrictions in the communication, while security level L16 allows only signals on the first communications connection for the communications partner no. 16 and the first function class. The target memory region and the amount of data are likewise clearly defined and restricted.
  • A suitable security level L1, L2, etc. can, as described, also be selected dynamically by means of the arithmetic unit 2.
  • FIG. 4 shows a schematic sketch of a motor vehicle, in accordance with some embodiments. FIG. 4 shows a schematic sketch of a motor vehicle 10 that comprises a data processing system 11 which comprises a plurality of data processing devices 1A, 1B and 1C according to the embodiments as described herein. Only three data processing devices are shown for reasons of simple illustration. Communications connections 4 ab, 4 ac, 4 bc exist in each case between the data processing devices 1 a, 1 b and 1 c, which communications connections are operated in accordance with the PCI Express communications standard. Filter means 7 operated according to the invention are provided within the data processing devices 1 a, 1 b and 1 c in each case, such that each data processing device 1 a, 1 b and 1 c can ensure its own security in an autonomous manner and at an increased level of reliability, i.e., in particular irrespective of impairments of other parts of the data processing systems 11.

Claims (13)

1.-10. (canceled)
11. A method for filtering communications data, the method comprising:
receiving, at a data processing device of a plurality of data processing devices, communications data from a first communications partner via a communications connection;
accessing at least one storage means of the data processing device, wherein the data processing device comprises at least one arithmetic unit, wherein the data processing device forms a part of a data processing system of a motor vehicle, and wherein the motor vehicle comprises the plurality of data processing devices;
assessing, using a filter means, at least one property of a payload of the communications data for verification of at least one authorization condition, wherein the filter means is partially implemented as hardware according to predetermined configuration information;
communicating, from the data processing device to a second communications partner, via an interface unit of the data processing device, the communications data that succeeded verification of the at least one authorization condition, wherein the second communications partner is part of the data processing system of the motor vehicle; and
forwarding the communications data that succeeded verification of the at least one authorization condition to at least one other component of the data processing device, wherein the at least one other component of the data processing device comprises the at least one arithmetic unit, and the at least one storage means.
12. The method of claim 11, further comprising establishing the communications connection as a packet-based point-to-point connection according to PCI Express communications standard.
13. The method of claim 11, wherein the filter means is implemented in a communications layer acting in accordance with a communications standard used in the communications connection for physical transport of formatted communications data.
14. The method of claim 13, wherein the communications layer comprises a transaction layer of PCI Express communications standard.
15. The method of claim 11, wherein the filter means is implemented as part of a microchip that forms the interface unit.
16. The method of claim 11, wherein the assessing comprises configuring the filter means by the at least one arithmetic unit.
17. The method of claim 11, wherein the assessing comprises assessing the at least one authorization condition that comprises minimum length or maximum length of the payload of the communications data, a control command described by the payload, a restriction of a function type of the control command, or a restriction of an accessible memory region of the at least one storage means.
18. The method of claim 11, wherein the assessing comprises assessing the at least one authorization condition that comprises checking the communications connection or the second communications partner.
19. The method of claim 11, wherein the predetermined configuration information comprises a security level having associated authorization conditions, or parameters of the authorization conditions.
20. The method of claim 11, wherein the data processing device is a controller.
21. A data processing device of a data processing system of a motor vehicle, the data processing device comprising:
an interface unit that comprises a filter means;
a storage means communicatively coupled with the interface unit; and
an arithmetic unit communicatively coupled with the storage means and the interface unit, wherein the arithmetic unit is configured to perform operations comprising:
receiving communications data from a first communications partner via a communications connection;
assessing, using the filter means, at least one property of a payload of the communications data for verification of at least one authorization condition, wherein the filter means is partially implemented as hardware according to predetermined configuration information;
communicating, from the data processing device to a second communications partner, via an interface unit of the data processing device, the communications data that succeeded verification of the at least one authorization condition, wherein the second communications partner is part of the data processing system of the motor vehicle; and
forwarding the communications data that succeeded verification of the at least one authorization condition to at least one other component of the data processing device, wherein the at least one other component of the data processing device comprises the arithmetic unit and the storage means.
22. A motor vehicle comprising a data processing device, wherein the data processing device is part of a data processing system of the motor vehicle, and wherein the data processing device comprises:
an interface unit that comprises a filter means;
a storage means communicatively coupled with the interface unit; and
an arithmetic unit communicatively coupled with the storage means and the interface unit, wherein the arithmetic unit is configured to perform operations comprising:
receiving communications data from a first communications partner via a communications connection;
assessing, using the filter means, at least one property of a payload of the communications data for verification of at least one authorization condition, wherein the filter means is partially implemented as hardware according to predetermined configuration information;
communicating, from the data processing device to a second communications partner, via an interface unit of the data processing device, the communications data that succeeded verification of the at least one authorization condition, wherein the second communications partner is part of the data processing system of the motor vehicle; and
forwarding the communications data that succeeded verification of the at least one authorization condition to at least one other component of the data processing device, wherein the at least one other component of the data processing device comprises the arithmetic unit and the storage means.
US16/632,611 2017-08-22 2018-08-22 Method for filtering communication data arriving via a communication connection, in a data processing device, data processing device and motor vehicle Active 2039-08-26 US11582189B2 (en)

Applications Claiming Priority (3)

Application Number Priority Date Filing Date Title
DE102017214624.9 2017-08-22
DE102017214624.9A DE102017214624A1 (en) 2017-08-22 2017-08-22 Method for filtering communication data arriving via a communication connection in a data processing device, data processing device and motor vehicle
PCT/EP2018/072629 WO2019038317A1 (en) 2017-08-22 2018-08-22 Method for filtering communication data arriving via a communication connection in a data processing device, data processing device and motor vehicle

Publications (2)

Publication Number Publication Date
US20200244624A1 true US20200244624A1 (en) 2020-07-30
US11582189B2 US11582189B2 (en) 2023-02-14

Family

ID=63312025

Family Applications (1)

Application Number Title Priority Date Filing Date
US16/632,611 Active 2039-08-26 US11582189B2 (en) 2017-08-22 2018-08-22 Method for filtering communication data arriving via a communication connection, in a data processing device, data processing device and motor vehicle

Country Status (5)

Country Link
US (1) US11582189B2 (en)
EP (1) EP3577568B1 (en)
CN (1) CN111033485B (en)
DE (1) DE102017214624A1 (en)
WO (1) WO2019038317A1 (en)

Families Citing this family (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
EP3264648B1 (en) 2010-06-17 2023-09-06 Sun Patent Trust Pre-coding method and transmitter
EP3032769B1 (en) 2010-06-17 2017-09-13 Sun Patent Trust Pre-coding method and transmitter
DE102017221889B4 (en) 2017-12-05 2022-03-17 Audi Ag Data processing device, overall device and method for operating a data processing device or overall device
CN118227554A (en) * 2022-12-20 2024-06-21 成都芯海创芯科技有限公司 System on chip and car

Citations (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20140032800A1 (en) * 2012-07-30 2014-01-30 GM Global Technology Operations LLC Vehicle message filter
US20200043251A1 (en) * 2017-04-28 2020-02-06 Continental Teves Ag & Co. Ohg Data transfer device and method for transferring data for a vehicle
US20220131834A1 (en) * 2018-08-29 2022-04-28 Volkswagen Aktiengesellschaft Device, method and computer program for providing communication for a control appliance of a vehicle, method, central device and computer program for providing an update, control appliance, and vehicle

Family Cites Families (10)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
KR100609170B1 (en) * 2004-02-13 2006-08-02 엘지엔시스(주) system of network security and working method thereof
US7840763B2 (en) * 2004-03-12 2010-11-23 Sca Technica, Inc. Methods and systems for achieving high assurance computing using low assurance operating systems and processes
US20060136338A1 (en) 2004-12-16 2006-06-22 Intel Corporation Techniques for filtering attempts to access component core logic
US7694047B1 (en) 2005-02-17 2010-04-06 Qlogic, Corporation Method and system for sharing input/output devices
DE102005028663B4 (en) * 2005-06-15 2024-10-24 Volkswagen Ag Method and device for securely communicating a component of a vehicle via a wireless communication connection with an external communication partner
DE102005055419B3 (en) 2005-11-21 2007-04-12 Giesecke & Devrient Gmbh Double interface device for use in communication network, has data transfer control for connecting portable data carriers over hardware connections, where each carrier comprises one of external hardware-interfaces and hardware connections
KR101206542B1 (en) * 2006-12-18 2012-11-30 주식회사 엘지씨엔에스 Apparatus and method of securing network of supporting detection and interception of dynamic attack based hardware
DE102012017339B4 (en) * 2012-08-31 2014-12-24 Airbus Defence and Space GmbH computer system
WO2014210215A1 (en) * 2013-06-25 2014-12-31 Fedex Corporation Transport communication management
EP2983088A1 (en) 2014-08-06 2016-02-10 Airbus Defence and Space GmbH Memory protection unit

Patent Citations (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20140032800A1 (en) * 2012-07-30 2014-01-30 GM Global Technology Operations LLC Vehicle message filter
US20200043251A1 (en) * 2017-04-28 2020-02-06 Continental Teves Ag & Co. Ohg Data transfer device and method for transferring data for a vehicle
US20220131834A1 (en) * 2018-08-29 2022-04-28 Volkswagen Aktiengesellschaft Device, method and computer program for providing communication for a control appliance of a vehicle, method, central device and computer program for providing an update, control appliance, and vehicle

Also Published As

Publication number Publication date
DE102017214624A1 (en) 2019-02-28
EP3577568A1 (en) 2019-12-11
CN111033485A (en) 2020-04-17
EP3577568B1 (en) 2022-02-23
US11582189B2 (en) 2023-02-14
CN111033485B (en) 2023-09-26
WO2019038317A1 (en) 2019-02-28

Similar Documents

Publication Publication Date Title
US11582189B2 (en) Method for filtering communication data arriving via a communication connection, in a data processing device, data processing device and motor vehicle
US11651088B2 (en) Protecting a vehicle bus using timing-based rules
US11314661B2 (en) Hardware security for an electronic control unit
CN107710657B (en) Method and device for real-time data security of a communication bus
CN111434089B (en) Data processing device, assembly and method for operating a data processing device or assembly
KR20190032276A (en) A specially programmed computer system having an associated device configured to implement a security lockdown and a method of using the same
US20160261561A1 (en) One-way gateway, and vehicle network system and method for protecting network within vehicle using one-way gateway
CN110997442B (en) Computing device for providing access control to hardware resources
JP6822832B2 (en) Systems and methods for software communication
US12034771B2 (en) Automotive gateway providing secure open platform for guest applications
US20150254461A1 (en) Testing integrated independent levels of security components hosted on a virtualization platform
JP7160550B2 (en) Multi-core architecture, interface card and method for processing data packets
US10958472B2 (en) Direct access to bus signals in a motor vehicle
EP2983088A1 (en) Memory protection unit
CN111694299B (en) Communication system for vehicle
US20220318047A1 (en) Device and method for managing communication via interfaces in a virtualized system
US20230267204A1 (en) Mitigating a vehicle software manipulation
US20110010773A1 (en) Hardware command filter matrix integrated circuit with restriced command enforcement capability

Legal Events

Date Code Title Description
FEPP Fee payment procedure

Free format text: ENTITY STATUS SET TO UNDISCOUNTED (ORIGINAL EVENT CODE: BIG.); ENTITY STATUS OF PATENT OWNER: LARGE ENTITY

AS Assignment

Owner name: AUDI AG, GERMANY

Free format text: ASSIGNMENT OF ASSIGNORS INTEREST;ASSIGNORS:AHN, CHANGSUP;ZAWADZKI, KAMIL;KLEIN, MARKUS, DR.;AND OTHERS;SIGNING DATES FROM 20200110 TO 20200117;REEL/FRAME:051597/0630

STPP Information on status: patent application and granting procedure in general

Free format text: DOCKETED NEW CASE - READY FOR EXAMINATION

STPP Information on status: patent application and granting procedure in general

Free format text: NON FINAL ACTION MAILED

STPP Information on status: patent application and granting procedure in general

Free format text: RESPONSE TO NON-FINAL OFFICE ACTION ENTERED AND FORWARDED TO EXAMINER

STPP Information on status: patent application and granting procedure in general

Free format text: NOTICE OF ALLOWANCE MAILED -- APPLICATION RECEIVED IN OFFICE OF PUBLICATIONS

STCF Information on status: patent grant

Free format text: PATENTED CASE